CWE-287 (Improper Authentication) — Vulnerability Class 1187

1187 vulnerabilities classified as CWE-287 (Improper Authentication). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2022-23541 | jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC — node-jsonwebtoken | 5.0 | Medium | 2022-12-22 |
| CVE-2022-23501 | TYPO3 vulnerable to Improper Authentication in Frontend Login — typo3 | 5.9 | Medium | 2022-12-14 |
| CVE-2022-2757 | Kingspan TMS 300 CS authorization issue vulnerability — TMS300 CS | 9.8 | Critical | 2022-12-13 |
| CVE-2022-23505 | Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication — passport-wsfed-saml2 | 5.3 | Medium | 2022-12-13 |
| CVE-2022-2752 | Potential vulnerabilities in GM login process — GateManager | 5.5 | Medium | 2022-12-09 |
| CVE-2022-29838 | Authentication issue with the encrypted volumes and auto mount feature in My Cloud devices — My Cloud | 4.3 | Medium | 2022-12-09 |
| CVE-2022-46829 | JetBrains Gateway authorization issue vulnerability — JetBrains Gateway | 7.1 | High | 2022-12-08 |
| CVE-2022-39899 | SAMSUNG Mobile devices authorization issue vulnerability — Samsung Mobile Devices | 5.7 | Medium | 2022-12-08 |
| CVE-2022-39901 | SAMSUNG Mobile devices authorization issue vulnerability — Samsung Mobile Devices | 6.5 | Medium | 2022-12-08 |
| CVE-2022-45118 | Telephony in communication subsystem sends public events with personal data, but the permission is not set. — OpenHarmony | 6.2 | Medium | 2022-12-08 |
| CVE-2022-45877 | PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. — OpenHarmony | 8.3 | High | 2022-12-08 |
| CVE-2022-43549 | Veeam Backup for Google Cloud authorization issue vulnerability — Veeam Backup for Google Cloud | 9.8 | - | 2022-12-05 |
| CVE-2022-46145 | authentik vulnerable to unauthorized user creation and potential account takeover — authentik | 8.1 | High | 2022-12-02 |
| CVE-2022-43900 | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps security bypass — WebSphere Automation for IBM Cloud Pak for Watson AIOps | 5.3 | Medium | 2022-12-01 |
| CVE-2022-36960 | SolarWinds Platform Improper Input Validation — SolarWinds Platform | 8.8 | High | 2022-11-29 |
| CVE-2022-41912 | crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements — saml | 9.1 | Critical | 2022-11-28 |
| CVE-2022-37931 | A vulnerability in NetBatch-Plus software allows unauthorized access to the application — NetBatch-Plus software | 7.3 | High | 2022-11-22 |
| CVE-2022-40602 | Zyxel LTE3301-M209 trust management issue vulnerability — LTE3301-M209 | 9.8 | Critical | 2022-11-22 |
| CVE-2022-3477 | tagDiv Composer < 3.5 - Unauthenticated Account Takeover — tagDiv Composer | 8.1 | - | 2022-11-14 |
| CVE-2022-34331 | IBM Power FW security bypass — Power FW | 5.5 | Medium | 2022-11-11 |
| CVE-2022-39038 | FLOWRING Agentflow BPM - Broken Access Control — Agentflow BPM | 8.8 | High | 2022-11-10 |
| CVE-2022-38119 | POWERCOM CO., LTD. UPSMON PRO - Broken Authentication — UPSMON PRO | 9.8 | Critical | 2022-11-10 |
| CVE-2022-39892 | Samsung Pass authorization issue vulnerability — Samsung Pass | 3.6 | Low | 2022-11-09 |
| CVE-2022-39387 | XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication — oidc | 9.1 | Critical | 2022-11-04 |
| CVE-2022-43451 | Multiple path traversal in appspawn and nwebspawn services. — OpenHarmony | 8.4 | High | 2022-11-03 |
| CVE-2022-39019 | Broken access controls on PDFtron WebviewerUI in M-Files Hubshare — Hubshare | 6.3 | Medium | 2022-10-31 |
| CVE-2022-38744 | FactoryTalk Alarm and Events Server Vulnerable to Denial-Of-Service Attack — FactoryTalk Alarm and Events Server | 7.5 | High | 2022-10-27 |
| CVE-2022-3674 | SourceCodester Sanitization Management System missing authentication — Sanitization Management System | 7.3 | High | 2022-10-26 |
| CVE-2022-39355 | Discourse Patreon vulnerable to improper validation of email during Patreon authentication — discourse-patreon | 9.1 | Critical | 2022-10-26 |
| CVE-2022-39267 | Brokercap Bifrost vulnerable to authentication bypass for admin and monitor user groups — Bifrost | 8.8 | High | 2022-10-19 |

Vulnerabilities classified as CWE-287 (Improper Authentication) represent 1187 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.